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(54) OPTICAL DISK, OPTICAL RECORDER, OPTICAL REPRODUCING DEVICE, ENCRYPTED 
COMMUNICATION SYSTEM, AND AUTHORIZING SYSTEM FOR USE 0F1»R0GRAM 



_ (57) The operating and other procedures of an opti- 
cal disl< application system of thelype for which a net- 
work is used are simplified. Optical disks have auxiliary 
data recording areas, where different IDs for individual 
disks, and/or cipher keys and/or decoding keys for 
ciphers are recorded in advance in a factory By using 

Fig. 1 



the IDs to release the soft ciphers, using the cipher keys 
when sending the ciphers, and using the decoding keys 
when receiving the ciphers, user authorization proce- 
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Descriptton 

TECHNICAL FIELD 

The present invention relates to an optical disk, an s 
optical disk system and a ayptocommunication 
method. 

BACKGROUND 

In recent years, with the increased use of networks 
such as the Internet and optical CD ROM disks, netwvork 
soft key distribution for optical ROM dislts has 
Increased. Also, electronic commercial transactions 
have increased. is 

Soft key electronic distribution systems for CD- 
ROM media have been used. In conventional systems, 
it is known to give passwords and decipher the enci- 
phered soft ciphers recorded on the CD-ROMs in 
advance. When CD-ROMs are used, however, It is not 20 
possible additionally to record on the diste, so that it is 
not possible to individually set IDs for respective disks. 
Therefore, one password would release the ciphers of 
all the disks manufactured from the same original disk. 
For this reason, when QD-iROMs are used, it is neces- as 
sary to install the disks' IDs on the hard disks of per- 
sonal computers, or mail to users IDs prepared 
centrally. 

In electronic distribution systems with converrtionai 
optical disks and/or optical disk systems, there is a need 30 
to provide the disks and/or systems with IDs and/or 
cipher keys. It is an object of the present invention to 
simply provMe IDs and cipher keys for F10M disks in 
electronic distritxjtion systems. 

3S 

SUMMARY OF THE INVENTION 

To achieve the Objects Of the present invention, the 
pit portions of optical disks are provided with an addi- 
tional recording area or Burst Cutting Area (hereinafter 40 
al3breviated as OCA) overwritten with a bar code and, 
when the disks are manufactured, IDs differing for each 
disk and, according to the need, cipher toys for commu- 
nication and decoding keys for decoding key cipher 
texts for communication, are recorded individually in the 4s 
BCA areais. As a result, when the disks have been dis- 
tributed to users, the user ID numbers, the cipher l«ys 
for transmissfon for communic^ion, and the decoding 
keys for reception are distributed automatically to the 
users. It is therefore possible to omit some of the proce- so 
dures that complicate conventional systems. Also, cryp- 
tocommunication and the identification of disks are 
made possible at the same time. 

BRIEF DESCRIPTION OF THE DRAWINGS 55 

Fig. 1 is a flow chart of an optical disk according to 
an embodiment of the present invention. 

Figs. 2a-c are aoss sections and results of trim- 



ming wilti a pulse laser aooording to an embodiment of 
the inwentran. 

Rgs. 3a-g show the signal reproduction waveforms 
at a trimming portion according to an embodiment of the 
Invention. 

Fig. 4 is a block diagram of a reproducer according 
to an embodiment of the invention. 

Fig. 5a shows the waveform of a reproduced signal 
at a BCA part according to the invention. Fig. 5b shows 
dimensional relationships of a BCA part according to 
the invention. 

Rg. 6 shows a method of cryptocommunication and 
a cipher key method by means of a password according 
to an embodiment of the present invention. 

Rgs. 7a-c show the fonnat of a BCA according to 
the inventfon. 

Rg. 8 shows a method of cryptocommunication and 
a method of unlocking a cipher with a password accord- 
ing to an embodiment of the invention. 

Rg. 9 shows a procedure for operation of a disk, the 
content part of which may have been licensed, accord- 
ing to an embodiment of the im/ention. 

Rg. 10 is a block diagram of an example wherein a 
BCA has been recorded in a RAM disk according to an 
embodiment of the present inventfon. 

Rg. 1 1 is abtock diagram of a method or system for 
preventfon of unauthorized copying according to an 
embodiment of the Inventfon. 

Rg. 12 is a ftow chart depicting preventing unau- 
thorized copying according to an embodiment of the 
invention. 

Rg. 13a is a plan view and Fig. 13b is a cross sec- 
tion of an optical disk, on the BOA of which an article or 
commodity bar code has been printed, according to an 
embodiment of the invention. Fig. 13c shows a rtiethod 
of producing an optical disk according to an embodi- 
ment of the inventfon. 

Rg. 14 is a block diagram of a POS settlement sys- 
tem with a ROM disk having a BCA and a POS terminal 
aocoiding to an embodiment of the invention. 

Rg. 15 is a flow chart of cipher release in and 
between a press company, a software company and a 
selling store, according to an embodiment of the 
present invention. 

Rgs. 16 and 17 are flow charts (Parts 1 and 2, 
respectively) of steps of enciphering and decoding 
cipher data with a disk ID and/or the like according to an 
embodiment of the inventfon. 

Rgs. 18, 19 and 20 are flow charts (Parts 1, 2 and 
3, respectively) of communication cipher key distribution 
and cryptocommunication with a BCA according to an 
embodiment of the invention. 

Rgs. 21 , 22 and 23 are flow charts {Parts 1 , 2 and 
3, respectively) of an electronic settlement system with 
a BCA according to an embodiment of the present 
invention. 

Rg. 24 is a block diagram of a method of recording 
and reproducing for recording limitation to one RAM 
disk with a BCA according to an embodiment of the 
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invention. 

At ttie end of this specification is appended a list 
identifying items corresponding to the reference numer- 
als used in the aforementioned dravirings, that isting 
being in consecutive numerical order of the reference 
numerals. 

DETAILED DESCRIPTION OF THE INVENTION 

The present invention will be described on the basis 
a number of embodiments. Herein, an additional record- 
ing area using the BCA s/stem is refen-ed to as a 'BOA 
area', and data recorded in a BCA is referred to as "BCA 
data'. In addition, first identification data is refen-ed to as 
'ID' or 'disk ID'. 

Fig. 1 shows a typical process for producing a disk 
with a BCA. The first cipher key 802, such as a public 
key, is used by a cipher encoder or scrambler 803 to 
encipher contents 777 irtto the first cipher 805. An 8-16 
modulator 91 7, such as a mastering unit, modulates the 
first cipher 805. A laser records the modulated signal as 
pits In the first recording area 919 of an original disk 
800. A molding machine 808a uses the original disk 800 
to mold disk-like transparent substrates (not shown). A 
reflecting film making machine 808b forms reflecting Al 
films, and makes single-sided disks 809a and 809b 
which are each 0.6 millimeter thick A bonding machine 
808c laminates these disks together to make a com- 
pleted disk 809. A trimming unit 807 modulates the disk 
ID 921 , the first cipher decoding key 922, or the second 
cipher key 923 for Internet communication in the second 
recording area 920 of the completed disk 809, with a 
Phase Encoding-Return to Zero (PE-RZ) modulator 
B07a, which combines PE modulatiori and RZ mcdula- 

disk 801 with a BCA. Because laminated disks are 
used, it is not possible to alter the BCA inside, and thus 
the completed disk can be used for security. 

A BCA will next be explained briefly 

As shown in Fig. 2a, a pulse laser 808 trims the 
reflecting aluminum films 809 of the two-layer disk 800 
in a BCA to record a stripe-like low reflection part 810 
on the basis of a PE modulating signal. As shown in Fig. 
2b, BCA stripes are formed on the disk. If the stripes are 
reproduced by a conventional optical head, the BCA 
has no reflecting signal. Therefore, as shown in Fig. 2c, 
gaps 810a, 810b and 810c are produced, where the 
modulating signal is missing. The modulating signal is 
sliced at the first slice level 915. But, the ^ps 810a-c 
have a low signal level, and can therefore be sliced eas- 
ily at the second slice level 916. As shown with the 
recorded and reproduced waveforms In Fig. 3, it is pos- 
sible to reproduce the formed bar codes 923a and 923b 
by level-slicing them at the second slice level 916 by a 
conventional optical pickup as shown in Fig. 3e. As 
shown in Fig. 3f, the waveforms of the codes are shaped 
by a LPF filter so as to PE-RZ decode the codes. As 
shown In Fig. 3g, a digital signd is output. 

With reference to Fig. 4, the decoding operation will 



be explained. A disk 801 with a BCA includes two trans- 
parent substrates, which are laminated with a recording 
layer 801a between them. The recording layer may 
either be a single layer 801a or include two recording 

5 layers 800a and 800b. If there are two layers, a BCA flag 
922 is recorded in the control data of the first recording 
layer 800a, which is adjacent to the optical head 6. The 
flag 922 indicates whether a BCA is recoided or not. 
Because a BCA is recorded in the second layer 800b, 

10 the first recording layer 800a is focused on first, and the 
optical head 6 is moved to the radial position of the con- 
trol data 924 in the innermost edge of the second 
recording area 919. The control data is main data, and 
has therefore been Eight to Fourteen Modulation 

IS (EFM), 8-15or8-16 modulated. Only when the BCA flag 
922 in the control data is '1', a singieA;jouble layer 
switching part 827 focuses on the second recording 
layer 801b to reproduce the BCA. If the signal is sliced 
by a level slicer 590 at the general first slice level 91 5 as 

20 shown in Fig. 2c, it is converted into a digital signal. This 
signal is denmdulated in the first demodulation part by 
an EFM demodulator 925, an 8-15 modulator-demodu- 
lator 926 or an 8-16 modulator-demodulator 927. An 
ECC decoder 36 corrects errors, if any, and outputs 

25 main data. The control data in the main data is repro- 
duced and only If the BCA flag 922 is 1 is the BCA read. 
When the BCA flag 922 is 1 , a CPU 923 orders the sin^ 
gle/double layer switching part 827 to drive a focus 
adjustment part 828, switching the focus from the first 

30 recording layer 801a to the second recording layer 
801b. At the same time, the optical head 6 Is moved to 
the radial positton of the second recording area 920, 
that is, for the DVD standard, the BCA is recorded 
between 22.3 and 23.5 mm from the inner edge of the 

-35 contmljlata. Then the BCA is read. Reproduced in the 
BCA area is a signal with a partially missing envelope 
as shown in Rg. 2c. By setting in the second level slicer 
929 the second slice level 916 ofiwhich1he quantity of 
light is smaller than that of the first slice level 915. it is 

40 possible to detect the missing parts of the reflecting por- 
tion of the BCA, and a digital signal is output. This signal 
is PE-RZ demodulated by the second demodulation 
part 930, and ECC decoded by an ECC decoder gsob 
so as to output BCA data, which is auxiliary data. Thus, 

45 the first demodulator 928, operative according to, 8-1 6 
modulation demodulates and reproduces the main data, 
while the second demodulation part 930 operative 
according to PE-RZ modulation demodulates and 
reproduces the auxiliary data, that is, the BCA data. 

50 Rg. 5a shows the reproduced waveform before 
passage through a filter 943. Rg. 5b shows the working 
size accuracy (precision) of the slits of the low reflecting 
portion 810. It is difficult to make the slit width less than 
5mm. In addition, if the data is not recorded inward radi- 

55 ally from 23.5 mm, it will not be properly reproduced. 
Therefore, for a DVD, because of the limitations of the 
shortest recording cyde of 30 mm and the maximum 
radius of 23.5 mm, the maximum capacity after format- 
ting is limited to 188 bytes or less. 
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The modulating signal is recorded as pits by the 8- 
16 modulation mode, and a high frequency signal such 
as the high frequency signal part 933 in Fig. 5a is 
obtained. However, the BCA signal is a low frequency 
signal like low frequency signal part 932. Thus, if the 5 
main data complies with the DVD standard, it is a high 
frequency signal 932 which is about 4.5 MHz or less, 
shown in Fig. 5a, and the auxiliary data is a low fre- 
quency signal 933 which is 8.92 ms in period, that is. 
about 100 kHz. H is therefore relatively simple to fre- 10 
quency-separate the auxiliary data with a LPF 943. A 
frequency-eeparating method 934 as shown in Fig. 4, 
including the LPF 943 can easily separate the two sig- 
nals. In this case, the LPF 943, may be simple in struc- 
ture. IS 

The foregoing is an outline of the BCA. 

With reference to Fig. 6, the overall system of a 
cipher software unlatching system, narrowed down to 
the operations of password issue, cryptocommunica- 
tion, and orderer certification, will be described. The 20 
steps in a press factory are nearly the same as in Fig. 1 . 
so the original disk 800 and the completed disk 809 are 
not shown. 

In a press factory 811 , a cipher encoder 812 enci- 
phers the data in the plaintexts 810 of ttie first to the '1- 25 
m'th contents or saambles the picture signals therein 
with the first to '1- m'th cipher keys 813, respectr/ely. 
The data or the signals are then recorded on an original 
optical disk 800. Disk-like substrates 809 are pressed 
from the original disk 800. After a reflecting film is so 
formed on each substrate 809, the two disk-like sub- 
strates are laminated together. Thereafter a completed 
disk 809 is made. Recorded in the BCA areas 814 of 
completed disks 809 are different IDs 815 and/or first 
cipher keys 81 6 (public keys) and/or second cipher keys 3S 

817 (public keys) and second computer connection 
addresses 818 so as to make disks 801 each with a 
BCA. The disks 801 are distributed to users. 

The contents of these disks have been enciphered. 
Therefore, in order to reproduce the contents of each of 40 
the disks, it is necessary to get a password from a pass- 
word issue center an electronic shop or a mall, by pay- 
ing a charge. That procedure will be described next. 

In a user's first computer 909, if a reproducer 819 
reproduces a distributed disk 801 with a BCA. a BCA 4S 
reproduction part 820 including a PE-RZ demodulation 
part reproduces the data of the ID 815, first cipher key 
816, second cipher key 817 and/or connection address 
818. In order to get a password, the connection address 

81 8 of the second computer 82 1 a, which is the server of so 
a password issue center 821 , is accessed through a 
communication part 822 via the Internet or another net- 
work 823, and the ID is transmitted to the second com- 
puter 821a 

Here, the cryptocommunication procedure will be 55 
described. The second computer 82la receives the ID 
815 from the user's reproducer 819. Then, the second 
computer or server 821a of the password issue center 
821 , which is called a 'mall' or an 'electronic shop' has a 



cipher tey database 824. This database contains a 
table of the secret keys which are the decoding keys 
corresponding to the disks' own IDs or the first cipher 
keys 816 of the IDs, that is the first decoding keys 825 
and the IDs. The server can therefore search for the first 
decoding key 825 based on the received ID. Thus cryp- 
tocommunication is completed from the first computer 
to the second conputer 821a. In this case, if the first 
cipher key and first decoding key are common keys of a 
common key cipher, not of an public key cipher, they are 
the same key 

If the user wants to use part of the enciphered con- 
tents stored on the disk 801, which may be 1,000 in 
number, for ecample, the content number 826 of which 
is 'n'. the user sends to the second computer 821a ttie 
cipher which is the content number 826, that is, 'n' enci- 
phered with the public key which is the first cipher key 
816 by the first cipher encoder 827 composed of public 
key cipher functions. The second computer 821a 
searches for the first decoding key 825 for decoding this 
cipher as stated above. It is therefore possible securely 
to convert this cipher into plaintext. Thus, the cipher pro- 
tects the privacy of the user's order data. 

In this case, a signature may be made by means of 
the secret tey of the public key cipher as the first cipher 
key 816. This method is called 'digital signature'. For a 
detailed explanation of the operafion of 'digital signa- 
ture", see, for example, 'Digital Signature of E-Mail 
Security by Bruce Schneider 1995'. 

Back to the cryptocommunication, the cipher is sent 
through the communication part 822 and network 823 to 
the first cipher decoder 827 of the password issue 
center 821. Thus the first cipher decoder 827 decodes 
the cipher by means of the first pair cipher key 825 pair- 
ing with the first cipher tey 816. 

In this case, because only the one disk has the pub- 
lic tey, it is possible to reject invalid t>rders from tNrd 
parties' diste. In other words, because each disk can be 
certified, it is possible to certify the user who owns the 
disk. It is thus certified that the content number 'n' rep- 
resents a particular Individual's order. It is therefore pos- 
sible to exclude invalid orders of third parties. 

If the public key 81 6 is seaet. this method can tech- 
nically be used to send a credit card nurhber, or other 
accounting data which requires high security. Generally 
shops called 'malls' however, do not settle users' 
accounting data electronically, because there is no 
guarantee of security. Only the accounting centers 828 
of credit card companies, banks and the like can deal 
with users' financial data. Presently, security standards 
such as secure electronic transaction (SET) are being 
unified, so it is probable that RIvest, Shamir and Adle- 
man (RSA) 1024 bit public tey ciphers will be used and 
the encipherment of financial data will be possible. 

Ned, the accounting data cryptocommunication 
procedure of the present invention will be shown. First, 
by using the second cipher key 817 of the public key 
cipher reproduced by the BCA reproduction part 820, 
the second cipher encoder 831 enciphers the account- 
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ing data 830 such as an individual's credit card number 
with a public key system cipher such as RSA. The enci- 
phered data is sent from the communication part 822 
through the second computer 821 to the cipher decoder 
832 of the third computer 828. In this case, if there is a 
need for digital signature, the secret key 829 is used as 
the second cipher key 81 7. 

Similar to the procedure for the cipher key of the 
second computer 821a of the passvrord issue center 
821, it is possible to search the cipher key database 
824a for the second decoding key 829 con-esponding to 
the ID or the second cipher tey 817. By using tNs 
decoding key 829, the second cipher decoder 832 can 
decode the enciphered accounting data. 

If a digital signature is made by the second cipher 
encoder 831 with the secret key 829, the user's signa- 
ture can be confirmed in the second cipher decoder 
832. The accounting center 828 can thus get the user's 
credit card number, bank card number, bank password, 
or other accounting data safely even via the Internet. In 
open networks such as the Internet, security comes into 
question. By means of this system, however, it is possi- 
iAe to make cryptocommunicaton or certification with- 
out fault, because the cipher key (public key) for 
cryptocommunication or the secret toy for digital Signa- 
ture has been recorded in the BCA. It is therefore possi- 
ble to prevent third parties' unauthorized accainting 
and orders. In addition, because It Is possible to use var- 
ious public keys for different disks, that is, different 
users, the confidentiality of communkaflon Is Improved, 
and the possibility of users' accounting data leaking to 
third parties is reduced. 

Refering back to Fig. 6, the procedure for issuing a 
password and the procedure fbr unlatching with apass- 
word^ wi ll be exp lained Jhe pi 
includes a password generation part 834 with an opera- 
tion expression of public key ciphers etc. Part 834 gen- 
erates a password on the basis of three data fields, 
namely, the ID, the content number which the user 
wants to unlatch, and the time data representing the 
period of use allowed. The generated password is sent 
to the first computer 909. In the simplest structure 
example, the second computer enciphers with the pub- 
lic tey fbr the public key cipher the data which is a mix 
of the decoding key disk ID for releasing the cipher of 
the '1 - nth content and the timing data, pr^>ares at the 
password generation part 834 the '1- nth password 
834a which is a mix of secret keys for unlatching the 
enciphered data, and sends this password 834a to the 
first computer 909. The first computer 909 receives the 
'1- n'th password, and decodes with the secret key the 
mixed keys of the disk ID, the timing data and the '1 - n th 
content. Here, the password operation part 836 checks 
the ID 835a of the BCA reproduced from the disk, the 



decoded. The '1 - n th content 838 then Is output. The 
period of output is limited to the time during which the 
first timing data 833 and second timing data 835b coin- 
cide. The password operation part 836 of the first com- 
puter 909 computes three data fields, which are the ID, 
the password 835 and the timing data from the clock 
836b representing the present time. If the ID and timing 
data are correct, the con-ect decoding keiy is output as 
the result of the computation. Therefore, the cipher 
decoder 837 decodes or descrambles the '1 - nth cipher, 
outputting the plaintext data of the '1- nth content 838. 
or a desaambled picture sighal or audio sUgnei. 

In this case, if the second timing data 835b of the 
dock 836b does not coincide with the first timing data 
838 of the password, the cipher is not correctly decoded 
and therefore not reproduced. If timing data is used, it 
can be applied to time-limit type rental systems, so that 
a movie can be reproduced for only three days during a 
rental period. 

While Fig. 6 shows the procedure in a bio(k dia- 
gram, the flowcharts of the procedure will be e]q3lained 
later with reference to Figs. 16 - 23. 

Next, the system for the cipher tey wijl be 
described. By putting, as shown in Fig. 7a, both the first 
cipher tey 81 6 and second cipher tey 81 7 in the BCA, it 
is possible to provide two securities, for a commodity 
deal with a shopping mall and an account settlement 
with an 'accounting center'. 

In this case, with respect to the security with an 
accounting center, it is planned to unify standards such 
as SET so that an RSA 1024, that Is 128 byte cipher 
tey, will be stored in the second cipher tey area 817a. 
Then, because the BCA lias only 188 bytes, only 60 
bytes remain for the dpher tey for dealing with a shop- 

a cipher function which is 20 bytes in magnitude and 
which has a security level equal to that of 128 bytes of 
RSA 1024. 

An elliptic function Is used In the first cipher key 
area 816a of the present invention. An elliptic function 
can obtain 20 byte security, which is equivalent to RSA 
1024. Therefore, by using an elliptic function, it Is possi- 
ble to store both the first cipher key 816 and second 
cipher key 81 7 in the 188 byte BCA area. 

By applying a BCA to an optical ROM disk, as 
stated before, it is possible to record a disk's own ID 
number, the first and second cipher teys, and a connec- 
tion address. In this case, if the Internet is used, a mall 
is accessed automatically, and merely by distributing 
disks with cipher keys recorded in the BCAs, security is 
possible for distribution of commodities by releasing the 
ciphers of contents, certification and keeping secret pur- 
chase of goods, certification and keeping secret when 
accounts are settled, and the lite. Therefore, the 



present second timing data 835b. the allowed ID 833a ss method of cryptocommunication of the present Inven- 



and the first timing data 833, and operates to determine 
if they coincide. If they do coincMe,. they are allowed. 
The '1- nth decoding key 836a is output to the cipher 
decoder 837. The cipher 837a of the '1- nth content is 



tiori can, without towering security, omit and rationalize 
the conventtonal operations of using IC cards, ftoppy 
disks and/or letters to distribute IDs and/Or dpher keys 
to users. This is a great advantage. Furthermore, a 
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URL, which Is an Internet connection address, is not 
fixed, but changeable. The URL is recorded in the origi- 
nal disk, and may be accessed. It is, however, not effi- 
cient from the points of view of time and cost to vary the 
original disk when a URL change is made. By having 5 
recorded the changed URL In the BCA, and connecting 
the BCA connection address 931 instead of the connec- 
tion address of the original disk only if the conriection 
address 931 is reproduced from the BCA, It is possible 
to access the changed address 931 without preparing a w 
new original disk. 

Rg. 6 shows a case where the first tey of the public 
key and the first key of the public key have been 
recorded in the BOA. 

Rg. 8 shows two diagrams, In one of which the first is 
cipher key 816 of the public key and the third decoding 
key 817a of the secret key have been recorded in the 
BCA. In the other diagram, a cipher key is produced for 
cryptocommunlcation. Because the procedure is similar 
to that of Fig. 6, only different points will be described. 20 
First, in a press factory, the first cipher key 81 6 and third 
decoding key 817a are recorded in the BCA. The third 
decoding key 817a is used to receive the cipher enci- 
phered with the public key from an accounting center. In 
this case, the reception security is improved. sb 

First, with reference to Fig. 8, a more specific exam- 
ple of cryptocommunlcation where a cipher key is gen- 
erated will be described. Because the first cipher key 
816 is a public key. It is necessary to record the third 
decoding key 817a for reception In the BCA. But the 30 
BCA has a small capacity In addition, the public key 
needs processing time. Therefore, in Fig. 8, the cipher 
key generation part 838a of the first computer 836 gen- 

^erates..a pair Jif_a cipher key and a decoding key for the 

public key or a common key by means of a random ss 
number generator or the like. An example of the com- 
mon key will be descrbed. A common key K 838 is enci- 
phered with the first cipher k^ 816 and first cipher 
encoder 842, and sent to the second computer 821a. 
The second computer uses the main decoding key 844 40 
to convert this cipher into plaintext by means of the main 
cipher decoder 843, obtaining a common key K 838a. 
Because both have the common key K. it is possible to 
make cryptocommunlcation from a shop to a user, that 
is, from the second cocrputer 821 a to the first computer 45 
836 by delivering the common l«y K to the second 
cipher encoder 842a and second cipher decoder 847a. 
Naturally, it is also possible to make cryptocommunlca- 
tion from the user to the shop, that is, from the first com- 
puter 836 to the second computer 821a by delivering 50 
the common key K to the second cipher encoder 827a 
and second cipher decoder 845a. The effects of the 
method of recording in the BCA the first cipher key 
which is a public key and generating a cipher key will be 
stated. First, it is necessary only to record the first ss 
cipher key, so that the recording of the decoding key can 
be omitted. Therefore, the small capacity of the BCA is 
not reduced. Second, because the decoding key is 
recorded In the BCA, the security Is improved. The com- 



mon tey may be changed each time. 

Because of the short operatnn tkne, the processing 
time is short in this case, if the cipher key generation 
part 838a has generated a pair of a cipher key and a 
decoding l«y of a public key cipher, not a common key, 
it is possible to make the security higher than that with 
the common key, though the processing time is longer, 
by cryptically sending the cipher key to the second com- 
pirter 821a, using this key as the cipher key of the sec- 
ond cipher encoder 842a, and using the decoding key 
as the decoding key of the second cipher decoder 847. 
If the performance of the processing CPU is high, it is 
preferable that the public key be used. If a new public 
key is generated, only the public ley lor the first cipher 
l«ey is recorded in the BOA, so that no problems of secu- 
rity arise. No capacity of the BCA Is consumed either. In 
addition, because it is not necessary to change the 
dpher key. maintenance is easy. 

This time, if the common key K 838 is defined at the 
second computer 821a of the password issue center 
821. the common key is enciphered with the third cipher 
key 839 fc>y the third cipher encoder 840, and sent to the 
personal computer 836. By using the third decoding key 
837 which is the secret key reproduced from the BCA, 
the third cipher decoder 841 of ttie personal computer 
836 makes a translation into plaintext to obtain a com- 
mon key K 838b. In this case, because only this user 
has the third decoding key 81 7a which is the secret tey, 
it is possible to prevent the contents of communication 
from the center to the user from leaking to third parties. 
The format of this case is shown in Fig. 7b. If an elliptic 
functkxi is used, the third decoding key 839b may be 20 
bytes, and can therefore be stored in the BCA. 

Fig. 9 shows a system forxeducing the costs of pre- 
paring an original disk by using a BCA in en encipher- 
mentdisk. 

If there is a number 'n* of, for example, 1,000 plain- 
text contents 850, the cipher encoder 852 enciphers 
them with the first to the 'mth cipher keys 851 , respec- 
tively The ciphered first to the m'th contents 853, the 
decoding program 854a for the first to 'mlh contents, 
and the second cipher decoder 861 a, which is the pro- 
gram for decoding the second cipher, are recorded as 
pits in an original disk and then molded into a subsfrate, 
and a reflecting film is formed. Thereafter, two sub- 
strates are laminated together to complete an optical 
disk 801 . The second cipher encoder 860 enciphers the 
decoding data 854 such as the password fbr unlatching 
the "1 - nth, for etample. the first content, and the decod- 
ing key Recorded in advance in the BCA of the first disk 
are the disk's own identification data, that is, the ID 855 
and the second cipher which is the enciphered decod- 
ing data. Then, in the reproducer, the second cipher is 
reproduced from the BCA reproduction part 820. The 
second cipher decoder 861 is reproduced from the data 
reproduction part 862, which reproduces the ordinary 
recorded data other than the BCA. Therefore, the sec- 
ond cipher decoder 861 is used to decade the second 
cipher, reproducing the ID SSiSa and '1- nth password 
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854a. The cipher decoder 855b uses the decoding pro- 
gram 854a for the '1 - n'th content reproduced from the 
data reproduction part 862, and uses Vne ID 855a and 
password 854a to decode the first cipher, obtaining the 
plaintext 855c of the '1 - nth content and the identiflca- 
ilon data 855a. For a personal computer, the content 
and ID are recorded on the hard disl< 863. This ID 855a 
checks to determine if there is no same ID on a network 
when the program has started, and the ID 855a actu- 
ates the network protection. It is therefore possible to 
prevent the software from being illegally installed. This 
is yet another advantage of the present invention. For 
example, if 1 ,000 enciphered contents are stored and 
decoding data such as a password corresponding to a 
particular software application are recorded on an origi- 
nal disk, this is equivalent in substance to the prepara- 
tion of an optical ROM disk for a particular content. It is 
possible to obtain with one original disk the same effect 
as in the case where original disks for 1,000 kinds of 
software are cut. It is therefore possible to reduce the 
costs and time or labor for preparing an original disk. 

Described with reference to Rg. 10 is the procedure 
for enciphering contents with a BCA when recording 
them on a RAM disk. First, the BCA reproduction part 
820 reproduces the BCA data from the RAM disk 856, 
outputs an ID 857, and sends It through the interfaces 
858a and 858b and the network to the encipherment 
part 859. The cipher encoder 861 of the encipherment 
part 859 enciphers contents 860 or scrambles picture 
and sound signals by means of a key Including the ID 
857. The enciphered contents are sent to the 
recorder/reproducer, where the recording circuit 862 
records them on the RAM disk 856. 

Next, when this signal is reproduced, the data 
-feproduction-part 865^emodulates the^rrain data to 
reproduce the enciphered signal, and the cipher 
decoder 863 decodes the reproduced signal. The BCA 
reproduction part 820 reproduces data containing the 
ID 857 from the BCA area of the RAM disk 856. The 
reproduced data is sent as part of the key to the cipher 
decoder 863. If normally copied, the cipher key 
recorded in the RAM disk is a normal disk ID. The RAM 
disk ID, also, is a normal disk ID. Therefore, the cipher is 
decoded or descrambled to output the plaintext 864 of 
the '1- nth content. For a graphic data, for example, the 
MPEG signal is extended to obtain a picture signal. 

In this case, the disk ID is Vne key for encipherment. 
Because each disk is unique, it can be copied on only 
one RAM disk. 

If a disk ID is copied from a normal RAM disk to 
another RAM disk, 101 which is the original normal disk 
ID differs from ID2 which is the disk ID of the other, 
unauthorized, RAM disk. If the BCA of the unauthorized 
RAM disk is reproduced, ID2 is reproduced. The con- 
tents are ciphered with IDl, however, so that, even if 
unlatching Is attempted with ID2 at the cipher decoder 
863, the cipher is not decoded because the key differs. 
Thus, the signal of the illegally copied RAM disk is not 
output, 80 that the copyright is protected. The present 



invention uses a disk ID system. Therefore, by repro- 
ducing with any drive the normal RAM disk copied nor- 
mally only once, it is possible to unlatch the cipher. The 
encipherment part 859 may, in place of the center, be an 

5 IC card with a cipher encoder. 

With reference to the block diagram of Fig. 1 1 and 
the flowchart of Fig. 12, the method of preventing copy- 
ing will be desaibed. At Step 877a, the installation pro- 
gram Is actuated. At Step 877b. the BCA reproduction 

10 part 820 outputs the ID of the auxiliary data from the 
laminated optical disk 801. At Step 877d, the data 
reproduction part 865 reproduces the contents and net- 
work check software 870 from the main data. The con- 
tents and the ID 857 are recorded on the HDD 872. At 

15 Step 877c, the ID 857 is encoded with a particular 
secret cipher so as not to be altered illegally, and is 
recorded as a soft ID in the HDD 857. Thus, the soft ID 
873 is recorded together with the contents on the HDD 

872 of a personal computer 876. Here descrfoed is the 
so case where the program Is started at Step 877f of Fig. 

12. When the program is started, the procedure goes to 
Step 877g. where the soft ID 873 of the HDD 872 is 
reproduced, and the soft ID 873a in the HDD 872a of 
another personal computer 876a on a netwak 876 is 

25 checked through the interface 875. At Step 877h, a 
check is made to judge if the soft ID 873a of the other 
personal computer and the soft ID 873 are the same 
number. If so, the procedure goes to Step 877j, where 
the start of the program of the personal computer 876 is 

30 Stopped or a warning message Is displayed on the 
screen. 

If the soft ID 873a of the other personal computer 
and the soft ID 873 are different, the contents are not 
installed in the plurality of the computers on the net-, 
35— work. It-is therefore decided that there are no illegal cop- 
ies. Then the procedure goes to Step 877k, where the 
start of the program is permitted. In this case, the soft ID 

873 may be sent to other personal computers through 
the network. This personal computer can detect illegal 

40 installation by checking duplication of the soft IDs of the 
personal computers. H there is illegal installation, a 
warning message is sent to the appropriate personal 
computer/s. 

Thus, by recording the ID in the BCA, and recording 
45 the network check program in the pH recording area, it is 
possible to prevent multiple installation of the software 
of the same ID on the same network. In this way, simple 
protection from illegal copies is realized. 

By, as shown In Fig. 13a, applying a write (writing) 
60 layer 850 of white material, on which characters or the 
like can be written, it is possible to not only print charac- 
ters and write a password or the like with a pen, but also 
prevent the substrates of the optical disk from being 
damaged because the write layer 850 thickens. The 
55 disk ID 81 5, which is part of the BCA data 849 recorded 
by trimming in the BCA area 801a above tfie write layer 
850, Is translated Into plaintext. The plaintext is con- 
verted Into alphanumeric characters 851. By printing 
the characters 851 and general bar code 8S2, it is pos- 
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sible for the store and/or user to confirm and/or check 
the ID with a POS bar code reader and/or visually, with- 
out reading the BCA with a reproducer. The visible ID is 
not necessary if the user informs the center of the ID 
through a personal computer. If, however, the user com- 
municates the ID aurally by telephone to the center, it is 
possible to inform the center of the ID without inserting 
the disk in a personal computer, by printing the ID iden- 
tical with the BCA ID in visible form on thedisic, because 
the user can visually read the ID. With reference to the 
flowchart of Fig. 13c. the steps for making an optical 
disk will be explained. At Step 853d, disks are molded 
from an original disk, and substrates in which pits have 
been recorded are made. At Step 853e, aluminum 
reflection films are made. At Step 853f, two disk sub- 
strates are laminated with an adhesive so that a DVD 
disk or the like is completed. At Step 8S3g, a label is 
printed by screen printing on one side of each disk. At 
this step, the original disk's own identification data is 
recwded in the form of a bar code. At Step 853h, an ID 
and/or other identification informallon is printed in ttie 
format of a bar code for POS on each disk by an ink jet 
bar code printer or a thermal-transaiption bar code 
printer or the like. At Step 8531, the bar code is read by 
a bar code reader. At Step 853j, a BCA data corre- 
sponding to the identification data is recorded in the 
second recording area of the disk. According to this 
method of manufacturing, the BCA data is recorded 
after all the steps including the POS bar code and 
excluding the BCA are finished and then the disk identi- 
fication data is confirnied. The BCA can be read only by 
reproducing the disk, biit the POS bar code, which is 
low in density, can be read by a commercial bar code 
reader. T he disk ID can be discriminated at every step in 
the factory By recording the disk ID in ttie form of a POS 
bar code before the BCA trimming, it is possible to 
-almost completely prevent the BCA and the POS bar 
code from being illegally recorded. 

The method of using a BCA will be stated by which 
secondary recording and tertiary recording, too, can be 
made by the BCA method. As shown at Process 2 in 
Fig. 15. a software maker can also secondarily record a 
pirated edibon prevoition mark and a check cipher. At 
Process 2, disks 944b may be made in which different 
ID numbers and/or cipher keys lor secret communica- 
tion with users have been recorded. It is possible to 
replay the disks 944c and 944d without entering the 
passwords. 

For another application, at Process 3, an enci- 
phered or scrambled MPEG picture signal and/or other 
data is recorded on a disk 944e. The operation of the 
MPEG scramble will not be explained in detail. At Proc- 
ess 4, the software company makes a disk 844f in which 
a sub-public key for decoding the ID number and the 
scramble release data have been BCA-recorded sec- 
ondarily. It Is not possible to replay this disk solely. At 
Process 5, the selling store, after receiving the money 
for the disk, makes a password with the sub-secret tey 
paired with the sub-public tey, and records it tertiarily on 



the disk. Alternatively, a receipt on which the password 
has been printed is given to the user. Thereafter, the 
password has been recorded in the disk 844g, so that 
the user can replay it. This method prevents a disk not 
5 paid for from being replayed normally, even if the disk is 
shoplifted, because the scramble of the image is not 
released. As a result, shoplifting renders a useless 
product and thus decreases. 

K a password is BCA-recorded permanently in a 
10 rental video store or another store, a shoplifted disk can 
be used. In this case, as shown at Process 6, the BCA 
is read by a POS bar code reader in the store. A pass- 
word for releasing the scramble is issued at Step 951g. 
printed on the receipt at Step 9511. and handed to the 
15 customer at Step 951j. The customer enters, at Step 
951k, the password on the receipt in a player with 
numeric keys at his/her house. At Step 951 p, the disk is 
relayed for a predetermined number of days. If a user 
rents a disk, given a password for only part of the soft- 
20 ware in the disK and when he/she wants to view other 
pert of the sofhware, he^he can replay it by being 
informed of the password for this part by telephone at 
Step 951 u, and entering the password at Step 951k: A 
rental video store has been shown as an exarr^jle. 
25 When a piece of enciphered software for a personal 
computer is sold at a personal computer software store, 
the password may be printed by a POS terminal and 
handed to the buyer. 

Tlie operations of Processes 5 and 6 in Fig. 1 5 at a 
30 selling or rental store will be explained in more detail 
with reference to Fig. 14. A selling store receives an 
enciphered and/or scrambled disk 944f from the soft- 
ware maker. After the store confirms its receipt of 

_jnQn«a!J»inA.iKBr, JB:fiandsiifflm,l1sJ3ar <^ recorder 

35 945 the ID number of the disk 944f and the data on the 
sub-puWic key via Hs POS terminal 946 to the password 
issue center 952. For a small-scale system, the pass- 
word issue center, that is, the system including the sub- 
secret key of the sub-public key may exist in the POS 
40 terminal. The password issue center inputs the disk ID 
number and the time data at Step 951q. computes them 
at Step 951 s, enciphers them with the sub-secret key at 
Step gsit issues a password at Step 951g, and sends 
it through the network 948 and POS terminal 846 to the 
45 BCA bar code recorder 945. Then the recorded disk 
944g is handed to the customer. The disk 944g can be 
replayed as it is. 

For rental stores and personal computer software 
stores, ROM diste 944f the ciphers and/or scrambles of 
50 which have not been released are displayed in stores. If 
a customer designates a particular ROM disk 944f , the 
bar code of the reflection layer by the non-reflection part 
915 of the disk 944f is read, so that the disk ID number 
is read, by a person holding a circular bar code reader 
55 950 with an integrated rotary optical head 953 for spi- 
rally scanning, and pressing it on the center of disk 900 
in a transparent case. By printing the commodity bar 
code of the disk ID as shown at 852 in Fig. 13, it is pos- 
sible to read the code with an oidinary POS terminal bar 
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code reader. Alternatively, the pressed circular bar code 
recorded in advance on the original disk may be read. 
These data Including the disk ID are processed by the 
POS terminal 946. The charge is settled by credit card. 
The password issue center issues, at Step gsig, a 
password associated with the ID number as stated 
abwe. For rental use, a password is made by encipher- 
ing the disk ID number with date data added ae used at 
Step 951 r in order to limit the number of days for which 
the disk can be replayed. For this password, the disk 
can operate on only particular days. It is therefore pos- 
sible to set a rental period, which may be three days, for 
instance, in the password. 

The thus issued password for descrambling is 
printed at Step 951 i together with the date of rent, the 
date of return and the rental title charge on the receipt 
949, and handed with the disk to the customer. The cus- 
tomer takes the disk 944] and receipt 949 home. At step 
951k, the customer enters the password with the ten- 
key input part 954 of the first computer 909 in Fig. 6, so 
that the password 835 is computed with the ID number 
835a and input into the cipher decoder 837. Then, the 
pasawid is converted into plaintext by means of the 
decoding tey. Only If the password is correct, will the 
cipher decoder 837 descramble the program data and 
supply image output. 

In this case, if the password includes time data, the 
data is checked with the date data of the clock part 
836b. The password is descrarrftled tor the coincident 
dates. The Inputted password is stored together with the 
associated ID number in the nonvolatile memory 755a 
of the memory 755. Once the user enters the password, 
it is descrambled without being entered again. It Is thus 
possible to lock and unlock the disk electronically in dis- 
-tribution, -- 

With referience to Fig. 16, the method of decoding 
the software of a disk which has been recorded as 
cipher data will be explained in detail. 

Step (Process) 865 represents the overall flow of 
distribution of cipher data and individual IDs to users. 
First, at Step 865a. a number 'm' of data enciphered 
with the secret first cipher key and a program for decod- 
ing the enciphered data are recorded in the ROM area 
of an original disk. At Step 865b, substrates are molded 
from the original disk, and then the substrates with 
reflection films added thereto are laminated in pairs to 
mate completed FOM disks. At Step 865c, the decod- 
ing data (the disk identtfication data different for the 
pressed disks, respectively, and/or the decoding key for 
the cipher data) necessary to decode the enciphered 
data is recorded in the auxiliary recording area (called 
BCA), which cannot be rewritten, of each completed 
disk by a method of modulation different from that for 
the ROM area. At Step 865d, a user replays the distrib- 
uted disk, selects a desired enciphered data 'n', and 
starts the decoding process. At Step 865e, the user's 
first computer reproduces the enciphered data and the 
decoding program from the ROM area, and reads the 
decoding data from the auxiliary recording area (BOA). 



If, at Step 865f, the second decoding data is not 
obtained on-line, then, at Step 871a of Fig. 17. the ID 
and/or other auxiliary decoding data are displayed on 
the SCTsen. At Step 871b. the user obtains the second 

5 decoding data such as the password associated with 
the ID. and enters it into the first computer. Carried out 
at Step 871c is a particular operation of an open-key 
cipher function with the disk identification data, the sec- 
ond decoding data, and the enciphered data 'n' If, at 

10 Step 871d, the result is correct, then, at Step 871f. the 
'1 - nth data is translated into plaintext, so that the user 
can nfBke the software of the data 'n' operate. 

Next, with reference to the flowchart of Fig. 18, the 
method of cryptocommunication essential to the Inter- 

15 nel and/or the like using a BOA will be described. Step 
(Process) 868 is the routine of the method of distributing 
the communication program and cipher key for commu- 
nication to users. First, at Step 868a. at least the com- 
munication program and/or connection data are 

20 recorded in the ROM area of an original disk. At Step 
868b, substrates are molded from the original disk, and 
the substrates are laminated in pairs to mal« completed 
ROM disks. At Step 868c, the diskldentificatiort data dif- 
ferent for the pressed disks, respectively, and the cipher 

25 key for cryptocommunication are recorded in the non- 
rewritable auxiliary recording area (BCA) of each com- 
pleted disk. According to circumstances, the connection 
address of the second computer and/or the decoding 
key for cryptocommunication is recorded by a method of 

30 modulation different from that for the ROM area. At Step 
868d, the user's first computer reproduces the commu- 
nication program and the decoding program from the 
ROM area, and reads the disk identification data and 
the cipher key for communication from the auxiliary 
-.35— recording area^ The^jrocess-continues at Fig. 19. At 
Step 867a, it is judged if there is a connection address 
in the BCA area. If yes, the second computer is 
accessed, at Step 867b, on the basis of the connection 
address such as the BCA area URL. If there is no con- 

40 nection address, the computer of the connection 
address in the ROM area is accessed at Step 867c. At 
Step 867d, the transmit data is Input. At Step 867e, it is 
judged if there is a cipher key for cryptocommunication 
in the BCA area. If so, the transmit data is enciphered, 

45 at step 867g, with the cipher tey for cryptocommunica- 
tion in the BOA area to make a third cipher. If not, the 
daia is enciphered, at step 867f, wHh the cipher toy for 
cryptocommunication in the ROM area or HDD to make 
a third cipher. 

50 In Fig. 20, Step (Process) 869 represents the rou- 
tine of generating a decoding key for the cipher received 
from the second computer 910. First, at Step 869a, the 
first computer judges if a decoding key for communica- 
tion is necessary If necessary, the process goes to Step 

55 869b, where a check is made to judge if there is a 
decoding key for communication in the BCA. If there is 
no decoding key. the process goes to Step 869e, iwhere 
a pair of second cipher key for communication and sec- 
ond decoding tey for communication is generated newly 
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with the program for generating the cipher key/decoding 
key reproduced from the ROM area, by the user keying 
or with data from a random number generator and the 
second encoder reproduced from the ROIVI area. At 
Step 869d, a fourth cipher is made which is the second 5 
cipher key for communication and/or the user data enci- 
phered with the cipher key for communication recorded 
in the BCA and the encipherment software reproduced " 
from the ROM area. At Step 869e. the fourth cipher and 
the disk identification data and/or ttie user address are w 
sent to the second computer of the connection address 
reproduced from the disk. The process of the second 
computer includes Step 869f, where the fourth cipher, 
the disk identification data and the user address are 
received. At Step 869g, the decoding key for communi- rs 
cation paired with tine disk identification data is selected 
from the decoding key data base, and the fcHirth cipher 
is decoded with the selected key to obtain the plaintext 
of the second cipher key for communication. At Step 
IB69h. the fifth cipher which is the server data Including so 
part of the user data and enciphered wHh the second 
cipher key for communication Is sent through the Inter- 
net 908 to the first computer. At Step 8691, the fifth 
cipher (and disk identification data) is (are) received, 
and decoded with the second decoding key for commu- ^ 
nicatlon and the decoding function recorded In the ROM 
area to obtain the plaintext of the server data. In this 
way, the method of Step 869 In Fig. 20 realizes two-way 
cryptocommunication between the first and second 
computers. 30 

In Fig. 21, Step (Process) 870 represents the rou- 
tine of receiving accounting data. If, at Step 870a, the 
accounting data is input, the third cipher key of the pub- 
__lic ta^cipher_Jtot jaccQUDting_£Qrnmunication is 
requested from the second computer. At Step 870b, the 35 
second computer requests the third cipher key from the 
-third computer. Ttie third computer 911 sends the ID 
and third cipher key to the second computer, though the 
exchange step is omitted. At Step 870c, the second 
computer receives the ID and third cipher key At Step 40 
870e, the seventh cipher which Is the third cipher key 
enciphered with the second cipher key for communica- 
tion and/or the like is sent to the first computer The first 
computer receives the seventh cipher at Step 870f. At 
Step 870g, the received seventh cipher is decoded with 4S 
the second decoding tey for communication so as to 
obtain the third cipher key (public key of public key func- 
tion). At Step 870h, the third cipher key is recorded on 
the HDD according to circumstances. This is used for 
the next transmission. At Step 8701, it is judged if a so 
credit card number, a password for settlement and/or 
other secret accounting data are input. At Step 870j, the 
eighth cipher which Is the accounting data enciphered 
with the third cipher key Is sent via the second computer 
to the third computer. At Step 870k, the second compu- ss 
ter receives the eighth cipher and transfers it again to 
the third computer. Only the third computer 912, which 
is, for example, at a banking institution, has the decod- 
ing key for the third cipher, so that the second computer, 



which is an electronic store, cannot decode it. At Step 
870m. the third computer determines from the cipher 
key data base the third decoding key associated with 
the third cipher key by using identification data on the 
disk and/or the like, and decodes the eighth cipher with 
(he third decoding key, which Is the secret key of the 
public key cipher, so as to obtain the plaintext of the 
accounting data. At Step 870n, a check is made to 
judge from the user's credit data, deposit remains 
and/or other banking data whether the money can be 
received. At Step STOp. the third computer informs the 
second computer of the result of the search. The sec- 
ond computer, which Is an electronic store, judges at 
St^ 870q if the money can be received. If not, the proc- 
ess goes to Step 870r, where the article and/or the key 
tor decoding the cipher software Is not sent. If the 
money can be received, tor a key provision system as 
shown In Fig. 16, the process goes to Step 870s, where 
the cipher software decoding toy, that is, the article is 
sent via Internet 908 to the user's second conrputer. At 
Step 870t, the first computer receives the cipher soft- 
ware decoding l«y. At Step 870u, the cipher of the '1- 
nlh enciphered software is released. At Step B70w, the 
plaintext of the software is obtained. In this way, a con- 
tent l«y provision system is realized. 

The method of Step 870 in Fig. 21 requests the 
third conpufer, that Is, a banking institution to issue 
according to the need a public key for the third cipher 
key, which needs high security for accounting data. It Is 
not necessary to record the public key In the BCA In 
advance. It Is therefore passible to use for the third 
cipher key a stronger RSA system cipher kdy of 256 
bytes of RSA2048 without consuming the BCA capacity. 
Furth»._.bfi(»use_the[e.iSLJoaj]eedforj:ecQidjng in the 
BCAs of all disle in advance, the total of the issued third 
cipher keys decreases, and the computer CPU time 
taken to compute the third cipher keys decreases. In 
addition, because the third ciphers do not exist in the 
BCAs, they are not opened, so that the security is 
improved. In this case, the role of the BCA is, as shown 
In Figs. 19 and 20, to record the identification data of a 
secret communication disk by means of the cipher key 
of the RSA1024 grade. Only one BCA disk realizes 
ayptocommunicatipn with the second computer, so that 
the effect Is high. 

Wrtfi reference to Fig. 22, Step (Process) 872 of 
cryptocommunication in a case where the cipher key 
and the decoding tey both for communication have 
been recorded in the BCA will be described. At Step 
872g, the first computer 909 sends to the second com- 
puter 910 the ninth cipher which is the user data enci- 
phered with the cipher key for communication 
reproduced from the BCA, the basic identification data 
recorded in the ROM area when the original disk was 
made, and the disk kientification data recorded in the 
BCA area. At Step 872b, the second computer receives 
the ninth cipher, the disk ldent»icatk>n data and the 
basic identification data. At Step 872c, the decoding key 
for communication paired with the disk klentifk»tion 
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data from the decoding ksy data base is retrieved, and 
the ninth cipher is decoded to obtain the plaintext of the 
user data. At Step 872e, the second cipher l<ey associ- 
ated with the disk identif ication data is selected from the 
cipher key data base. In addition, the second connputer 
sends to the first computer the tenth cipher which is the 
server data enciphered with this second cipher and the 
third cipher key received from the third computer by the 
procedure described in Fig. 21 and enciphered with the 
second cipher. The first computer receives the tenth 
cipher at Step 872f. At Step 872g, the received seventh 
cipher is decoded with the second decoding key for 
communication recorded In the BCA, to obtain the plain- 
text of the server data and the third cipher key (public 
key of the public key function). At Step 872h. according 
to the need, the third cipher key Is recorded on the HDD. 
At Step 8^1, it is judged if the accounting data is input. 
If so, the process goes to Step 872j, where the eleventh 
cipher which Is the accounting data enciphered with the 
third cipher key is sent via the second computer to the 
third computer. At Step 872m, the second computer 
sends the eleventh cipher again to the third computer. 
At Step 872m, the third computer determines from the 
third cipher key data base, the third cipher key paired 
with the identification data on the disk and/or the like, 
and decodes the eleventh cipher to ot>tain the plaintext 
of the accouiTting data. At Step 872n, the possibility that 
the money can be received from the user is checked. At 
Step 872p, the result of the search is sent to the second 
computer. At Step 872q, the second computer checks to 
judge if the money can be received from the user. If so, 
for a key provision system as shown in Fig. 16, the proc- 
ess goes to Step 872s, where the cipher software 
decoding key that is, an article is sent via the Internet to 
the user's second computer. At Step 8721 the first com- 
puter receives the cipher software decoding key. At Step 
872u, the cipher of the '1- n'th enciphered software Is 
released. At Step 872w, the plaints of the software iis 
ot>tained. In this way, a content key provisjon system is 
realized. 

The merit of the effect of the method of Step 872 in 
Fig. 22 is that, because both the cipher key and the 
decoding key are recorded in the BCA area, it is not 
necessary to transmit the decoding key and/or the 
cipher key necessary for reception from the second 
computer. The maximum BCA capacity is 188 bytes. A 
public key and/or another cipher function needs only 
128 bytes, and can therefore be recorded. Further, it is 
possible to bidirectionally encipher the grade in 
RSA512. Because seven or eight elliptic functions can, 
as shown in Fig. 7, be stored, elliptic functions are more 
effective. 

With reference to Fig. 23. the operation and effect in 
a case where the first and thirel cipher keys have been 
recorded in the BCA in advance will be explained. 
Because Steps 872a through 872w in Fig. 22 are nearly 
identical with Steps 873a through 873w in Fig. 23, only 
the different steps will be explained. 

The third cipher Key for protectinig the security for 



accounting data and/or other banking data has been 
recorded in the BCA. Therefore, at Step 873e, the sec- 
ond and third computers do not need to generate and 
send the third cipher key. At Steps 873e, 873f and 873g, 

5 the twelfth cipher is sent and received. At Step 873j, the 
third cipher key is read from the BCA area, and the 
user's accounting data is sent via the second computer 
to the third computer The method of Fig. 23 does not 
need the third cipher key generated, sent and received 

10 at all, so that the procedure is simple. 

In the case of electronic settlement systems, in 
general, there are a plurality of accounting centers rep- 
resentative of credit companies. Therefore, naturally, 
there is a need for a plurality of third cipher keys, which 

IS are public toys. As explained with reference to Fig, 7b, 
there is a need for an RSA1024 grade or more, ttiat is, 
128 bytes or more if an RSA c^her function is used. 
The third cipher key 81 7b can therelore enter only one 
place of 188 bytes of the BCA. However, elliptic-function 

20 cipher keys (elliptic ciphers) which have appeared in 
recent years give, with small capacity, security equiva- 
lent to that of RSA. In recent years, RSA function 
RSA1024 has been the lowest standard of banking data 
security While an RSA function needs 128 bytes, it is 

26 said that an elliptic cipher needs only about 20 through 
22 bytes for equivalent security. Therelbre, as shown in 
Fig. 7c. It is possible to store in the BCA seven, eight or 
l^er third ciphers which deal with banking data. The 
use of elliptic functions realizes a BCA-applicatlon elec- 

30 tronic settlement system which can deal with a plurality 
of essential banking centers. Explanation has been 
made, concentrated on the third cipher, but even if an 
elliptic cipher is used for the public key for the first cipher 
key, its effect is similar because high security is tept in 

35 relation to a plurality of electronic stores. 

With reference to Fig. 24, the RAM disk 
recorder/reproducer with a BCA explained with refer- 
ence to Rg. 10 will be described in more detail. As an 
embodiment, the procedure for recording in a RAM disk 

«> in a so-called pay-per-view system will be described. 
First, with its program transmitter 883. a CATV conpany 
or another software company enciphers movie software 
or other contents 880 by using the first cipher key 882 in 
the first encoder to generate a first cipher 900, and 

45 sends this cipher to a decoder 886 such as each user's 
CATV decoder. If the decoder 886 sends a request for a 
particular program through a network to a key issue 
center 884, the center sends the first decoding data 
885a to the first decoding part 887 of the first decoder 

so 886. Thefirst decoding data 885a is a particular piece of 
software such as the scramble release key for the par- 
ticular decoder system ID nuiriber and particular timing 
data 903, and includes a recording permission card 901 
for a RAM disk The first decoding part 887 decodes ttte 

55 first cipher 900 with the system ID 888 and first decod- 
ing dala 885a. In the case of a picture signal, the signal 
descrambled once and scrambled further with another 
cipher to protect the signal from being copied is output 
from the third cipher output part 889. The picture can be 
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viewed and listened to on a general TV 899, though the 
original signal is guarded from being copied. If the 
recording permission code 901a is NO, it is not possible 
to record in a RAM disk 894. If OK, however, it Is possi- 
ble to record in only one RAM disk 894. This method will g 
be explained. 

In the decoder 886, an IC card 902 is inserted, and 
the BCA reproduction part 895 reads the BCA of the 
RAM disk 894 in a RAM recorder. Then the disk ID 905 
is sent to the IC card 902. The IC card 902 checks the io 
recording permission code 90 1a and the present time 
data 904 obtained from the disk IC 905 and the decoder 
888, and makes a two-way hand-shake type copy check 
907 with the third cipher output part 889. If the recording 
permission code and cop/ checks are OK, the second is 
auxiliary encoder 891 in the IC card 902 issues a sec- 
ond cipher key 906. The second encoder 890 enciphers 
the third cipher again to generate a second cipher, 
which is the contents 880 enciphered with the disk ID of 
a particular disk, The second cipher is sent to the RAM 20 
recorder 892, where it is 8-15 or 8-1 6 modulated by the 
first modulation part in the recording means 893. The 
second cipher 912 is recorded in the first recoiding area 
894a of the RAM disk 894 by means of a laser. In this 
way, the data of the RAM disk 894 is enciphered with 25 
the particular disk ID number. 

When the reproduction signals in this disk are 8-16 
demodulated by the first modulation 896a using a nor- 
mal reproduction means 896, the second cipher of the 
contents is output. The second decoder 897 has second 30 
decoding keys 898a, 898b and 898c, which correspond 
to the cipher keys of the IC cards different for CATV sta- 
tions or other program supply companies, respectively. 
liiJhis_cs&e._th^e.decoding key identifi(»tiQadata.Df.the: . 
decoder 868 or IC card 886 has been recorded in the 35 
first recording area 8948. The reproducer reads the 
decoding toy Hdentification -data-913-irom lhe- first 
recording area 894a. The decoding tey selection 
means 914 automatically selects out of the decoding 
keys 898a through 898z the second decoding key 898a 40 
corresponding to each cipher key With the disk ID 905a 
as a key, the second decoder 897 decodes the second 
cipher. An IC card having a particular decoding key 
might be used. In the case of an image, it is possible to 
obtain a normal image descrambled at a TV 899a. 45 

In the system of Fig. 24, a disk ID 905 Is sent to the 
IC card inserted into the decoder in each user's home to 
encipher picture image data and/or the like. It is there- 
fore not necessary for the software company 883 to indi- 
vidually change the cipher of the contents for so 
distribution to users. Consequently, when broadcasting 
scrambled pay-per-view images to a great number of 
viewers as is the case with satellite broadcasting and 
CATV, it is possible to permit recording in only one RAM 
disk per user. 55 

If, at the same time when recording is made In a 
disk in the system of Rg. 24, an attempt is made to ille- 
gally copy, that is, record in a second disK that is, a 
RAM disk of another disk ID, it is not possi}le to alter the 



disk ID because two-layer disks are used for BCAs. 
Therefore, unauthorized copying in the second disk at 
the same time is prevented. It can be considered that 
during another time period, a simulated or dummy 
recording pennission code 901a and/or a third cipher is 
sent to the decoder and/or IC card and data is recorded 
in a RAM disk of another disk ID. Even against such 
unauthorized practice, the decoder time data control 
part 902 in the IC card compares the time of the timing 
data 903 of the key issue center 884 and/or the time of 
the time data of the contents and the present time of the 
time data part 904a in the decoder to judge if they coin- 
cide. If so (OK), the IC card 902 permits the encipher- 
ment of the second cipher computing unit 990. 

In this case, a hand-shate type time check method 
might be used which makes the second encoder 890 
and first decoder 887 exchange check data bidirection- 
aily 

In the case of the hand-shake type, the second 
cipher computing unit 890 including the IC card, the first 
decoding part 887, and the third cipher part 889 confirm 
the cipher data bkiirectionally This prevents the unau- 
thorized copying during the olher time periods outside 
the time when the contenis are sent. 

In this way, in each user's decoder 886, the soft- 
ware company's contents are recorded In only one RAM 
disk 894 tor each particular disk ID. This disk can be 
reproduced by any RAM disk reproducer. Even in the 
case of recording in a RAM disk by the method of Fig. 
24, the software company's copyright is protected. 
AHhoughthe encipherment and decoding have been 
explained with reference to the cipher encoders and 
cipher decoders, respectively, in the detailed description 
of Jbextcawiogsjhe cipher algorithm and the d&ooding 
algorithm are practically used with programs in a CPU. 

INDUSTRIAL APPLICABILITY - 

By thus recording in advance the cipher key and/or 
the decoding key for an ID and/or a cipher in the BCA 
area of an optical disk, it is possible to release the 
cipher of enciphered contents by a simpler procedure. 
In addition, the secrecy of communication is realized 
without a conventional procedure for registration. By 
storing a network check program in contents, it is possi- 
ble to prevent pieces of software of the same ID on the 
same network being installed. Thus, there are various 
effects on the improvement of security. 
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20 Claims 

i. An optical disk including a first recording area, 
where main data are recorded In the form of pits, by 
a first method of modulation, and a second record- 

2S ing area which is a predetermined area in the first 
recording area, where a plurality of radially long 
parts of a reflection film are removed partially, so 
that auxiliary data are recorded by a second 
method of modulation, which differs from the first 

30 method, the optical disk being characterized by: 

the auxiliary data including a first identification 
data recorded therein for identifying individual 
optical disks; and 
35 — the main data including an impermissible part 
recorded therein which can be used with the 
first identification data and/or a specified pass- 
word. " 

40 2. The optical disk described in Claim 1, and further 
characterized in that it is a read only type optical 
disk 

3. The optical disk described in Claim 1 or 2, and fur- 
45 ther characterized by a specified password being 

obtained through a specified operation with the first 
identification data. 

4. The optical disk described in Claim 1 or 2, wherein, 
so in addition to the first identification data for identify- 
ing individual optical disks, a cipher key for a cipher 
and/or a decoding key for a cipher is recorded in the 
auxiliary data. 

55 5. The optical disk described in Clann 1 or2, and fur- 
ther characterized by the first method of modulation 
being a method of 8-16 modulation, and the second 
method of modulation being a method of phase 
encoding modulation. 
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6. A methcxd of permitting the use of a program, tfie 
method being characterized in that it comprises the 

steps of: 

reproducing an optical disl< including a first s 
recording area, where main data are recorded 
in the form of pits, by a first method of modula- 
tion, and a second recording area which is a 
predetermined area in the firet recording area, 
where a plurality of radially long parte of a io 
reflection film are removed partially, so that 
auxiliary data are recorded by a second 
method of modulation, which differs from the 
first method, the auxiliary data including a first 
identification data recorded therein for identify- rs 
ing individual optical disks and a cipher key for 
a cipher and/or a decoding key for a cipher, the 
main data Including an Impermissible part 
recorded therein which can be used with the 
first identification data andtor a specified pass- 20 
word; 

reproducing the first identification data from the 
auxiliary data; and 

enabling the impermissible part to be used and 
outputting it with the first identification datei 2S 
and/or the specified password. 

7. The method of permitting the use of a program 
described in Claim 6, and further characterized by 
the specified password being obtained through a so 
specified operation with the first identification daita. 

.8. A method of cryptocommunication characterized in 
tint it comprises the steps of : 

■ 35 

reproducing in a first computer an optical disk 
including a first recording area, where main 
data are recorded in the form of pits, by a first 
method of modulation, and a second recording 
area which is a predetermined area in the first 40 
recording area, where a plurality of radially long 
parts of a reflection film are removed partially, 
so that auxiliary data are recorded by a second 
method of modulation, which differs from the 
first method, the auxiliary data including a first 45 
identification data recorded therein for identify- 
ing individual optical disks and a first cipher key 
for a cipher and/or a decoding key for a cipher; 
reading the first identification data and the first 
cipher key from the auxiliary data; so 
obtaining a first cipher which is a first data enci- 
phered with the first cipher key and cipher algo- 
rithm; and 

sending the first cipher from a communication 
means of the first computer through a network 55 
to a second computer. 

9. The method of cryptocommunication described in 
Claim 8, and further characterized by the cipher 



algorithm being read from the main data. 

10. A method of cryptocommunication characterized in 
that it comprises the steps of: 

reproducing main data from a first recording 
area of an optical disk in a first computer ; 
reproducing auxiliary data from a second 
recording area, the auxiliary data including a 
first identification data for identifying individual 
optical disks and a first cipher toy for a cipher 
and/or a decoding key for a cipher; 
enciphering a first data in the first computer 
with the first cipher key in the auxiliary data by 
cipher algorithm to make a first cipher; 
connecting to the second computer of a partic- 
ular connection address through a network to 
send the first cipher and the first identification 
data in the auxiliary data; 
receiving the firet identification data and ttie 
first cipher in the second computer; 
selecting the first decoding key which is the 
decoding key for the cipher corresponding to 
the first identification data received from a first 
decoding key database, where a relationship 
between the first decoding key and the first 
idertiification data is stored; and 
decoding the first cipher on the basis of the first 
decoding key to obtain the first data. 

11. The method of cryptocommunication described in 
Claim 10. and characterized in Wiat it conprises the 
further steps of: 

generating with a first means for generating 
ciphers in the first computer a second cipher 
key and a second decoding key paired with 
each other; 

obtaining a third cipher which is the second 
cipher key enciphered with the first cipher key 
in the first computer; and 
sending the third cipher to the second compu- 
ter. 

12. The m^hod of cryptocommunteation described in 
Claim 11 , and characterized in that it comprises the 
further steps of: 

decoding the received third cipher with the first 
decoding key to obtain the plaintext of the sec- 
ond cipher key in the second computer; 
obtaining a fourth cipher which is the second 
data enciphaed with the second cipher key; 
and 

sending the fourth cipher to the first computer. 

13. TTie ihelhod of cryptocommunication descrbed In 
Claim 8, and further characterized in that, at the 
step of reproducing two or more cipher kB<f6 and/or 
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decoding keys for public key cipher from auxiliary 
data which include public key cipher, at least one of 
the cipher keys and the decoding keys is an ell^tic 
function cipher. 

14. The method of cryptocommunicatlon described in 
Claim 8, and characterized in that it comprises the 
further step of using an optical disk with auxiliary 
data including a connection address data of the 
second computer, and reproducing the connection 
address from the auxiliary data. 

1 5. An optical disk recorder for modulating a main data 
by a first method of modulation and recording the 
data by radiating a laser beam through an optical 
lens on to the recording layer of a first recording 
area of an optical disk, the recorder being charac- 
terized by: 

reproducing, before recording, the auxiliary 
data in a second recording area, where a first 
identification data and a first cipher key for a 
dpher and/or a decoding key for a cipher are 
recorded by a second method of modulation; 
making a main cipher wWch is the main data 
enciphered with the first identification data 
and/dr the first cipher key and particular cipher 
algorithm; and 

recording the main cipher in the recording layer 
of the frst recording area by the first method of 
modulation. 

16. The optical disk recorder described in Qaim 15, 
and further characterized by. 

receiving in a reception part the second cipher 
which is the first data enciphered with second 
cipher algorithm and a recording permission 
data permitting recording the first data in an 
optical disk; 

obtaining a second decoded data through 
decoding the second cipher with a second 
decoding means; 

making a main cipher through enciphering the 
second decoded data with first cjpher algorithm 
different from the second cipher algorithm and 
an auxiliary data in a cpher computing means; 
and 

recording the main cipher in the first recording 
area of the optical disk only if the recording per- 
mission data is present. 

17. The optical disk recorder desCTibed In Qaim 16, 
and characterized by: 

mounting an IC card having a computing unit 
therein; 

inputting irtto the IC card the first identifk»tlon 
data for Mentifying the disk of the auxiliary 



data; 

computing the first Identifteation data with tfie 
computing unit; 

inputting the result of the computation into the 
5 cipher computing means from the IC card; 

obtaining a main cipher which is an enciphered 

second decoded signal; and 

recording the main cipher In the optical disk. 

10 18. An optical disk reproducer characterized 1:^ 

reading with an optical headland a first means 
of demodulation an optical disk including a first 
recording area, where a main cipher is 

15 recorded by a first method of modulation, the 

main cipher being a first data enciphered with a 
first identification data by a cipher means ; 
reproducing with the optical head and a second 
means of demodulation an auxiliary data 

20 recorded in a second recording area of tie opti- 

cal disk by a second method of demodulation; 
and 

obtaining the first data by decoding the main 
cipher by means of the decoding means with 
2$ the first identification data in the auxiliary data 

or a first auxiliary identification data which Is 
obtained from the first identification data 
through a predetermined computation. 

30 19, The optical disk reproducer described in Claim 18, 
and further characterized by the method of modula- 
tk>n-demodulation of the first means of demodula- 
tion being a method of 8-16 modulation- 
demodulatk>n, and the method of dennodulation of 

35 .^ flie second means of demodulation being a method 

of phase encoding demodulation. 

20. The optical disk reproducer described in Claim 18, 
and further characterized by the decoding means 
40 including a number "n" of decoding keys, and 
selecting one of the decoding keys on the basis of a 
decoding key identification data reproduced from 
the main data in the optical disk. 

45 21. The method of permitting the use of a program 
described in Claim 6. and characterized in that it 
comprises the further steps of : 

connecting a first computer through a network 
so to the second computer with a particular 

address; 

sending to the second computer the first identi- 
fication data for identifying the disk in the auxil- 
iary data; 

55 conputing in the second computer the first 

identification data through a particular cipher 
operation, and sending the resultant (obtained) 
password to the first computer; 
computing the password and the first identifica- 
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tion data in the decoding operation part of the 
first computer, and sending the resultant sec- 
ond decoding code to a cipher decoder; and 
enabling an impermissible part of the main 
data in the optical disk to be used with the sec- s 
ond decoding code by means of the cipher 
decoder. 



recording area, where a reflection film is removed 
partially in the form of radially long bars from which 
the data cannot be read with the naked eye, so that 
auxiliary data are overwritten by a second method 
of modulation, which differs from the first method, at 
a lower recording density than the main data, the 
optical disk being characterized in: 



22. A method of inspecting the illegal installation of a 
program, the method being characterized In that it 
comprises the steps of: 

reproducing with a first computer an optical 
disk including a first recording area, where 
main data are recorded in the fbnm of pits, by a 
first method of modulation, and a second 
recording area which is a predetermined area 
in the first recording area, where a reflection 
film is removed partially, so that auxiliary data 
are overwritten by a second method of modula- 
tion, which differs from the first method, the 
auxiliary data including a first Uentif ication data 
recorded therein for identifying individual opti- 
cal disks, the main data including ai first pro- 
gram, an installation program for installing the 
first program in the hard disk in the first compu- 
ter, and a communication program recorded 
therein; 

reproducing the first identification data from the 
auxiliary data; 

Installing the first program in the hard disk; 
recording in the hard disk the first identification 
data or the first auxiliary identification data 

_whichJaLebtaiafid_.ffDJ5i__the.fitstJdentif ication 

data through a predetermined computation; 
and 

sending, when the Installed first program starts 

or performs a particular operation, the first 
identification data or ttie first auxiliary identifi- 
cation data by means of the communication 
program to a second computer connected 
through a network to the first computer; or 
checking through the network the second iden- 
tification data which corresponds to the first 
identification data in the hard disk of the sec- 
ond computer or the second auxiliary identifi- 
cation data which is the second identification 
data computed through a particular operation; 
and 

limiting the particular operation of the first pro- 
gram or adding a particular operation when the 
first and second identificatton data coincide or 
the first and second auxiliary identification data 
coincide. 

23. An optical disk including a first recording area, 
where main data are recorded in the form of pits, by 
a first method of modulatk>n. and a second record- 
ing area which is a predetermined area in the first 



that a first identification data for identifying indi- 
10 vidual optical disks is recorded in the auxiliary 

that a first data is recorded in the main data in 
the first recording area of the c^cal disic, and 
thait a data associated with the first Identifica- 
75 tion data is printed as a merchandise bar code 

which can be read by a merchandise bar code 
reader. 

24. The optical disk described in Claim 23, and further 
20 characterized by the merchandise bar code being 

printed on the side other than the reproduction side 
of the optical disk. 

25. A method of permission to use the program of a first 
SB data in an optical disk, the method being diaracter- 

Ized in that it comprises the steps of: 

reading a first identification data or a first auxil- 
iary identification data with a merchandise bar 
30 code reader in a first computer from an optical 

disk including a first recording area, where 
main data are recorded in the fam of pits, by a 
first method of modulatkin, and a second 
recordino_atea_fflhidi_feL ajatedetermioed area 
35 in the first recording area, where a reflection 

fim is partially removed, so that auxiliary data 

— are ovenwritterrby a second method of modula- 

tbn. which differs from the first rnethod, the 
auxiliary data including the first identification 
40 data recorded therein for identifying individual 

optical disks, the main data in the first record- 
ing area of the optical disk including an imper- 
missible part the use of which is not permitted, 
the optical disk having a bar code printed ther- 
ms eon from which the merchandise bar code 
reader can read the first identification data or 
the first auxiliary identification data associated 
with the first identification data; 
sending the first identification data or the first 
£0 auxiliary identification data through a network 
to a second computer; 

computing with the second computer through a 
cipher operation on the basis of the first identl- 
f icafion data to make a permission data which 
55 permits the use of an impermissible part; 

sending the permission data to the first compu- 
ter; and 

printing the permission data on paper witii a 
printing means by the first computer. 
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26. An optical disk including a first recording area, 
where main data are recorded in the form of pits, by 
a first method of modulation, and a second record- 
ing area which is the first predetermined area in the 
first recording area, where a plurality of radially long 5 
parts of a reflection film are removed partially, so 
that auxiliary data are ovenwritten over the pits in a 
low frequency band for frequency separation from 
the main data, the optical disl« being characterized 



the auxiliary data including a first identification 
data recorded therein for identifying individual 
optical disks; and 

the main data including an impermissible part 15 
recorded therein which can be used with the 
first identification data and/or a specified pass- 
word. 



27. The optical disk described in Claim 26, and further 20 
characterized by being a read only type optical disk. 

28. The optical disk described in Claim 26 or 27, and 
further characterized by the specified password 
being obtained through a specified operation with 25 
the first identification data. 



ss 



50 



17 



EP 0 802 527 A1 




EP 0 802 527 A1 




EP 0 802 527 A1 



Fig. 3a 



Top Plan 
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(main data)^ 
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Fig- 3b Barcode 
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Fig. 3d Recorded Data 

Reproduced Signal 

Fig. 3b Reproduced 

Signal ^2 

Fig. 3f Filtered s 
Fig . 3g Reproduced Data 
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Fig. 5a waveform of Reproduced signal Not Vet Filtered 

T (S) (NS) orT (S) c^T (NS) 
^ US) > < T (NS) ^ 




rule of reflectancel s /I 14h ^0.1 

Fig. 5b Slit Dimension Accuracy (Precision) ( at r=22.2nim) 
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Fig. 12 



Installation 
program 



Regenerate ID from (auxiliary 
data of) BCA. 



877c 



Record soft ID which is computed ID in HDD 



Read contents and network check 
software from main data of optical 
disk, and record them in HDD. 





r Completion 



Start or ^)^^ 







Regenerate soft ID from HDD. and check if there is 
soft ID of same number in HDD of another personal 
computer on network, or send soft ID to second 
computer. 
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Fig. 16 



^ Method of t^^^oding Cipher ^ 



Distribution of Cipher Data and Individual IDs to Users 



/865a 



Record, In ROM area of one original disk, number 
'm' of data enciphered with secret first cipher key 
and program for decoding number 'm' of 

enciphered data. 



Mold substrates from original disk and bond 
substrates in pairs to make ROM disks. 



Record, in non-rewritable auxiliary recording area 
(BCA) of each completed disk, decoding data (disk 
identification data different for pressed disks and/ 

or decoding key for cipher data) necessary to 
decode enciphered data by method of modulation 
different from that for ROM area. 



Y ^ ^8 65d 

User replays disk and selects enciphered data 'n'. 
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Fig. 17 



Display decoding data on screen. 



-A/ 



User enters second decoding data. 



Carry out particular operation wittn disk 
identifjcatlon data, second decoding data, 
enciphered data 'n' and public key system 
cipher function. 



-/\J 
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Fig. 18 



( Method of Distributing Cipher \ 
V Keys for Communication / 



Distribution of Communication Programs and 
Cipher Keys for Communication to Users 

_ ^ : . 



Record communication program in ROM area of 
one original disk. 



Mold substrates from original disk and bond two 
substrates to make ROM disks. 



Record, in non-rewritable auxiliary recording area 
(BOA) of completed disk, disk identification data 
different for pressed disks and cipher key for 
cryptocommunication and/or connection address of 
second computer and/or decoding key for 
cryptocommunication by method of modulation 
- riiffftrt^nt from tliat fnr ROM area, 



Reproduce communication program and enclpherment 
program from ROM area and read disk Identification 
data and cipher key for communication from auxiliary 
recording area. 
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Fig. 19 




Connect to computer of 
connection address in ^ 
ROM area. 



Connect to 
connection address 
inRCAarfifi, 



I nput transmit data, p ^/ 




Encipher data with cipher 

key for 
cryptocorrimunication in 
ROM area or HDD, and 
make third cipher. 



Encipher transmit data with 
cipher key for 
cryptocommunication In 
BCA area, and nnake third 
cipher. 
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Fig. 20 



Processing) of Firsl /Ox Decoding Key 
Computer 909 ( D jGeneralion Routine 




Generate second cipher Key for 
communlcalion/second decoding 
key for communication by user 
keying or with random number 
generator and second encoder. 



Make fourth cipfier which is second 
cipher key for communication and/or 
user data enciphered with cipher key for 
communication recorded in BCA. 



Send fourth cipher and disk 
identification data and/or user address 
to second computer of connection 
address recorded in disk. 



Receive fifth cipher (and disk 
identification data), and decode it with 

said second decoding key for 
communication and decoding function 
recorded in ROM area, to obtain said 
server data 



Select decoding key for 

communication 
corresponding to disk 
identification data from 
decoding key data base, 
decode tourtn cipher and 
obtain second cipher key 
for communication. 



Send, to first computer, 
fifth cipher which is server 
data including part of user 
data and enciphered with 
second cipher key for 
communication. 
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Fig. 21 



Pfocess(ing) of FirsiJ 
Computet' 
909 , 




Receive seventh cipher. 



Decode recetved seventh cipher with 
said decoding key for communication to 
obtain third cipher key (public key of 
public key function) . 




Send, via second computer to third 
computer, eighth cipher which is said 
accounting data endphered with third 
cipher key. 



870U 



Garry out particular operation with public 
key system cipher function for second 
decoding data, disk identification data 
and enciphered data 'n'. 



Conven data into | . 870w 
plaintext. 



Receive third cipher keyj 



Send seventh cipher 
which is enciphered 
third cipher key to first 
cornputer. 



1 ^° 



Transfer eighth cipher to 
third computer. 



anadecode eigmn ciDner to 
obtain agCQ^ntpg aata 



Check possibility that 
I money can t)e received. 



Inform second computer of 
■ result. _ 



Send second decoding data 
key (or 'nih cipher data to first 
mrnputer. 
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Fig. 22 




Send, to second computer, ninth cipher 
which is user data enciphered with 
cipher key for communication, basic 
patent identification data recorded in 
ROM area when original disi< was made, 
and disk identification data recorded In 
BCAarea. 



Receive tenth cipher. 
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Decode received seventh cipher with 
said decoding key for communication 
recorded in BCA, to obtain server data 
and third cipher key (public key of public 
key function). 
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Record new cipher key in HDD. 




Send, via second computer to third 
computer, eleventh cipher which Is said 
accounting data enciphered with third 
cipfier key. 



/872t 



Carry out particular operation vnlh public 
key system cipher (unction for second 
decoding data, disk identification data 

and enciphered data 'n'. 



Convert data into I . gyow, 
pla J. 



corresponding to disk 
identification data from 
decoding key daf " 



Select second cipher key 
corresponding to disk 
identification data from 
cipher l<ey data base, and 
send, to first cpmputer, tenth 
cipher which is server data 
enciphered with this second 
cipner and third cipher key 



Send eleventh cipher to third I 
computer. | 



Process(ing) of > 
Third Computer * /-y/ 
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Find out, from new cipher key 

data base, third ciprier key 
corresponding to identification 
data on disk and/or the like, and 

decode eleventh cipher to 
obtain accounting data plaintext. 



Check possibili^ that 
money can be reoeivgd. I 
t ^/672p 




Send second decoding data 
key for 'n'th ciphr- '*'•*" *~ 
compu 



Second Computer 1 
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Fig. 23 



0 



Pfocess(ing) of First 
Computer 



Send, to second computer, ninth cipher 
which is user data enciphered with 
cipher key for communication, basic 
identification data recorded in ROM area 
when original disk was made, and disk 
identification data recorded in BCA area 



Receive twelfth cipher. 



Decode received seventh cipher with 
said decoding l^ey for communication 
recorded in BCA, obtaining server data 



I Record new cipher key in HDD. 




Send, via second computer to third 
computer, thirteenth cipher which is 
said accounting data enciphered with 
third cipher key regenerated from BCA 
area. 



t: 
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Carry out particular operation with open 
key system cipher function for second 
decoding data, disk Identification data 
and enciphered data 'n'. 



Convert data into 
Plaintext. 



Process(ing) of 
Sec ond Computer 



Receive ninth cipher, disk 
identifk^ation data and 
basic identification data. 



Select decoding key for 

communication , 
corresponding to disk 
identification data from 
decoding key data ^ase, 
and decode ninth cipher 
to obtain user data 
plaintext. 



Select second cipher key 
corresponding to disk 
identification data from 
cipher key data base, and 
send, to first computer, 
twelfth cipher which is server 
data enciphered with this 
second cipher. 



Send eleventh cipher to third 
computer. 



Process(ing) of 
Third Computer y /a/ 



873m 



Find out, from new cipher key 

data base, third cipher key 
corresponding to identification 
data on disk and/or the like, and 

decode thirteenth cipher to 
obtain aixounting data plaintext. 



873n 



I rnQfi9V can be rQ'?9iv9d. 



..STOP 
/ 873s 873r 



Send second decoding data 
key for "n'th cipher data to first 
CQm&uir' 



Second Computer 
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